A Call on TECNO to Uphold Users Privacy and Security

Open Letter |

Strengthening the digital security of at-risk groups and organisations amidst growing digital rights attacks in Africa has become increasingly crucial. However, inadequate device security is undermining such efforts.

Investigations by Privacy International have revealed that TECNO – a phone manufacturer with an estimated 47% market share in East Africa and widely used across other regions on the continent – is putting users’ privacy and security at risk. 

Based on testing of a TECNO device – the Y2 – purchased in Uganda, the investigations reveal that the phone’s operating system was outdated, having not received updates since 2013. Further, pre-installed applications that users can not uninstall were using up space on the device. Whereas the specific model of phone with the vulnerabilities was discontinued from production by TECNO back in November 2019, it remained on sale as recently as 2020. 

In response to the revelations, Privacy International, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), together with nine other civil society organisations have submitted a letter to TECNO calling on the Chinese manufacturer to make changes to their practices and protect users’ privacy and security.

The letter urges TECNO to make three key changes to significantly improve their users’ privacy and security:

  1. TECNO should ship phones with a supported version of the Android operating system.
  2. TECNO should do their best to support the longevity of their devices and therefore combat e-waste. They must tell consumers, at the point of sale, how long their device will be supported, provide regular updates to the device, and notify users when continuing to use a device poses a risk to their privacy or security.
  3. TECNO should minimise the amount of bloatware, superfluous apps and other extras that come pre-installed on their phones. Whenever bloatware is included, it should exist in the user partition and therefore be removable by the user.

“It’s vital that TECNO listen to civil society and make these small changes to protect their users. TECNO users across Africa and the world deserve to know what they’re buying, especially when their phone will no longer receive security support,” said Caitlin Bishop, Privacy International’s project lead on work around low-cost technology.

Skills in digital security and safety are lacking among some of the most at-risk groups in many African countries. Surveillance schemes by state and non-state actors leverage this skills and knowledge gap. It is important therefore that leading device manufacturers, such as TECNO, guarantee privacy and security by design in order to ensure the safety of users,” said Ashnah Kalemera, CIPESA’s Programme Manager.

A copy of the letter can be accessed here.

CIPESA Conducts Digital Safety Training for Journalists and Activists in Tanzania and Uganda

By Ashnah Kalemera |
This month, the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) has given training to human rights defenders, journalists, bloggers and media practitioners in Tanzania and Uganda in safety and security tactics to promote privacy and freedom of expression online.
The training, conducted in Kampala on April 10 and in Dar es Salaam on April 14 and 15, also helped participants to understand the laws and policies governing digital communications in the two east African countries.
The trainings explored basic computer security for operating systems, data storage and software updates. In addition, safety and security tips for using social media such as Facebook and Twitter, email and mobile communications were shared. Strong emphasis was placed on ensuring privacy of these communication tools and creating strong passwords. The trainings also explored techniques for responding to surveillance and censorship using anonymous browser tools, Virtual Private Networks (VPN) and Encryption.
Participants in the two countries shared their experiences – with varying levels of expertise – in securing their communications.
“I do not share my laptop regardless of who you are,” stated one Ugandan participant. He added that he did not access his email on phone or at internet cafes, cautioning the participants who did. “Any email has to wait until I get to my encrypted laptop,” he said.
A Tanzanian journalist said that whereas she makes the effort to secure all her devices and online user accounts, she often used the same password across board. This highlighted the shortage of digital safety skills among some of the most regular users of digital technologies in the country.
Participants in both trainings noted that in some cases, civil society organisations were “lazy” in adopting the latest technology to ensure the safety and security of their operations and their staff online. In other cases, financial resources were a limitation. Another challenge highlighted was the slow internet speeds in both countries, hence forcing users to access the internet on several devices.
On the legal and regulatory front, discussions centered around the proposed Cyber Crime Bill in Tanzania and the Uganda Data Protection and Privacy Bill and the need for the two countries to adopt laws that support internet freedoms.
Participants also raised concern about recent developments in neighbouring Kenya and their potential impact on the use of information and communication technologies (ICT) across all member states of the East African Community.
Participants in both the Tanzania and Uganda trainings called for increased awareness of online freedom amongst internet users, particularly vulnerable groups such as women and youth to promote greater appreciation for the need to adopt safety and security practices online.
Overview of training beneficiaries
Individuals from 27 organisations benefited from the training, out of which an average of 33% were women and 67% were men.
Figure 1: Training beneficiaries by gender
Figure 2: Training Beneficiaries by user/organisation category
The trainings were organised by CIPESA in partnership with the Pan African Human Rights Defenders Project and Jamii Forums in Uganda and Tanzania respectively in the context of CIPESA’s OpenNet Africa project supported by Hivos, the Open Technology Fund and the Association for Progressive Communications.
Upcoming digital safety skills engagements include for journalists in Uganda (to coincide with World Press Freedom Day on May 3) and for the local tech community.

Online Privacy and Security: The Debate And The Dilemma

By Ashnah Kalemera
The issue of internet users’ privacy and security has been widely debated since the Edward Snowden revelations last June put a magnifying glass on the extremes that some governments, such as the U.S., are prepared to go to in the fight against terrorism and cybercrime.
To-date, debate rages on amongst human rights activists, government, media, academia and the private sector on the effects of surveillance on internet freedoms. It is also becoming apparent that some developing countries are also taking to surveillance of their citizens’ communications.
These discussions continued at this year’s Stockholm Internet Forum (SIF), themed “Internet: privacy, transparency, surveillance and control”. The annual forum hosted by the Swedish Ministry for Foreign Affairs in partnership with the country’s Internet Infrastructure Foundation (.se) and the Swedish Development Cooperation Agency (Sida), took place in Stockholm, Sweden, May 27–28, 2014.
In her opening address, Anna-Karin Hatt, Sweden’s Minister for Information Technology, said there would be grave consequences to basic human rights if states across the world continued to undertake unrestricted surveillance.
“During the last year, we have had more than one reason to discuss the behaviour between states and the behaviour of states within their borders,” she said. “The most valuable lesson has been that all surveillance must be subjected to strict limitations.” She added that “no system of surveillance must be justified because it is technologically possible.”
Rather, where legitimate cause exists, “surveillance must be proportional to the benefits it brings to citizens in terms of reduction in crime and improved security”. Furthermore, she argued, it must be based on transparent laws that are adopted through democratic processes.
She also noted that the last year had seen many multi-stakeholder meetings and processes on the matter. These included the 2013 global Internet Governance Forum, NetMundial, the Freedom Online Coalition, and the 2014 Cyber Dialogue. However, she added, it was still important to continue these discussions with participation from a broad range of state and non-state stakeholders in order to reach a consensus.
According to the International Telecommunications Union (ITU), only 19% of Africans use the internet compared to 75% (Europe), 32% (Asia) and 65% (the Americas). Africa also has the lowest mobile phone penetration rates. Low literacy levels, high cost of accessing and owning ICT, acute shortages of electricity, gender inequalities and a shortage of skilled human resources have contributed to the continent’s low ICT use. Even with this limited access, internet use is further impeded by government policies and practices that threaten internet freedom.
While African governments may not be blatantly or capably conducting surveillance on the scale of the National Security Agency (NSA) in the U.S., in recent years they have not shied away from requesting for social media users’ information and seeking content take downs. This is a reflection of the growing interest in what citizens are doing online.
According to the recently published State of Internet Freedom in East Africa report, national constitutions and a number of legislations on the continent provide for freedoms of expression, assembly, privacy and access to information. However, various recently enacted laws take away from citizens’ enjoyment of these freedoms in the online space.
James A. Lewis, director and senior fellow at the American Centre for Strategic and International Studies, asserted that post-Snowden, the debate had shifted from freedom of expression to privacy versus security. The latter were not guaranteed on the internet. “I have never seen a government that does not conduct surveillance on its own citizens. The challenge is extending sovereignty without sacrificing human rights,” he said.
But what is the perception in the developing world where it is estimated that the next billion internet users will come from? Should Africa prioritise access over security? Alison Gillwald, executive director of Research ICT Africa, noted that many people on the continent are more concerned about getting access to the internet and less so their privacy online.
Meanwhile, emerging threats from terrorist and militia groups in Africa seem to have influenced the way some governments perceive internet freedom. In Nigeria, Gbenga Sesan noted that the abduction of 300 schoolgirls by a Muslim extremist group had re-enforced state surveillances measures. “The government is using such incidents to justify ‘rule of law’: ‘if we should provide you with more security, we need to access your privacy’,” said Mr. Sesan.
Perhaps, as Eileen Donahue, Director of Global Affairs at Human Rights Watch pointed out, even with continued discussion and research on the matter, “we may not be able to figure out how to proactively reconcile the internet and human rights.”